<HTML>
<HEAD>
<TITLE>LongTail Log Analysis Home Page/Long Version</TITLE>
</HEAD>
<BODY bgcolor=#00f0FF>
<H1>LongTail Log Analysis/Long Version</H1>
<P>This page is updated hourly.
Last updated on Sun Mar  8 16:59:01 EDT 2015
<HR>
<H2>SSH Attacks and Probes</H2>
<P>
SSH Activity Today: 3152
<BR>
SSH Activity This Month: 76458
<BR>
SSH Activity This Year: 551091
<BR>
SSH Activity Since Logging Started: 551091
<H3>What you're probably most interested in are trends</H3>
<a href ="trends-in-root-passwords">Trends in Top 20 Root Passwords</a>
<BR>
<a href ="trends-in-admin-passwords">Trends in Top 20 Admin Passwords</a>
<BR>
<a href ="trends-in-non-root-passwords">Trends in Top Non 20 Root/Admin Passwords</a>
<BR>
<a href ="trends-in-accounts">Trends in Top 20 Accounts</a>
<BR>
<BR>
<a href ="graphics.html">Charts and Graphs</a>
<BR>
<a href ="statistics.html">Number of Attacks Statistics</a>
<BR>
<BR>
<a href ="current_attackers_lifespan.html">Lifetimes of Attackers</a>
<BR>
<a href ="attacks/ip_attacks.html">Attack Patterns By IP Address</a>
<BR>
<a href ="attack_patterns.html">Attack Patterns Used Multiple Times</a>
<BR>
<a href ="attack_patterns_single.html">Attack Patterns Used Only Once</a>
<BR>
<a href ="dictionaries.html">Dictionaries Used</a>
<H3>Today's Activity</H3>
<a href ="current-root-passwords">Root Passwords</a>
<BR>
<a href ="current-top-20-root-passwords">Top 20 Root Passwords</a>
<BR>
<BR>
<a href ="current-admin-passwords">Admin Passwords</a>
<BR>
<a href ="current-top-20-admin-passwords">Top 20 Admin Passwords</a>
<BR>
<BR>
<a href ="current-non-root-passwords">Non Root/Admin Passwords</a>
<BR>
<a href ="current-top-20-non-root-passwords">Top 20 Non Root/Admin Passwords</a>
<BR>
<BR>
<a href ="current-non-root-accounts">Accounts Tried</a>
<BR>
<a href ="current-top-20-non-root-accounts">Top 20 Accounts Tried</a>
<BR>
<BR>
<a href ="current-non-root-pairs">Non Root/Admin pairs</a>
<BR>
<a href ="current-top-20-non-root-pairs">Top 20 Non Root pairs</a>
<BR>
<BR>
<a href="current-ip-addresses">IP Addresses</a>
<BR>
<a href="current-top-20-ip-addresses">Top 20 IP Addresses</a>
<BR>
<a href="current-attacks-by-country">Attacks By Country, By IP Address </a>
<BR>
<BR>
<a href="current-raw-data.gz">Current Raw Data</a>
<BR>
<H3>Last 7 Days</H3>
<a href ="last-7-days-root-passwords">Root Passwords</a>
<BR>
<a href ="last-7-days-top-20-root-passwords">Top 20 Root Passwords</a>
<BR>
<BR>
<a href ="last-7-days-admin-passwords">Admin Passwords</a>
<BR>
<a href ="last-7-days-top-20-admin-passwords">Top 20 Admin Passwords</a>
<BR>
<BR>
<a href ="last-7-days-non-root-passwords">Non Root/Admin Passwords</a>
<BR>
<a href ="last-7-days-top-20-non-root-passwords">Top 20 Non Root/Admin Passwords</a>
<BR>
<BR>
<a href ="last-7-days-non-root-accounts">Accounts Tried</a>
<BR>
<a href ="last-7-days-top-20-non-root-accounts">Top 20 Accounts Tried</a>
<BR>
<BR>
<a href ="last-7-days-non-root-pairs">Non Root/Admin pairs</a>
<BR>
<a href ="last-7-days-top-20-non-root-pairs">Top 20 Non Root/Admin pairs</a>
<BR>
<BR>
<a href="last-7-days-ip-addresses">IP Addresses</a>
<BR>
<a href="last-7-days-top-20-ip-addresses">Top 20 IP Addresses</a>
<BR>
<a href="last-7-days-attacks-by-country">Attacks By Country, By IP Address </a>
<BR>
<BR>
<a href="last-7-days-raw-data.gz">Last 7 Days Raw Data</a>
<BR>

<H3>Last 30 Days</H3>
<a href ="last-30-days-root-passwords">Root Passwords</a>
<BR>
<a href ="last-30-days-top-20-root-passwords">Top 20 Root Passwords</a>
<BR>
<BR>
<a href ="last-30-days-admin-passwords">Admin Passwords</a>
<BR>
<a href ="last-30-days-top-20-admin-passwords">Top 20 Admin Passwords</a>
<BR>
<BR>
<a href ="last-30-days-non-root-passwords">Non Root/Admin Passwords</a>
<BR>
<a href ="last-30-days-top-20-non-root-passwords">Top 20 Non Root/Admin Passwords </a>
<BR>
<BR>
<a href ="last-30-days-non-root-accounts">Accounts Tried</a>
<BR>
<a href ="last-30-days-top-20-non-root-accounts">Top 20 Accounts Tried</a>
<BR>
<BR>
<a href ="last-30-days-non-root-pairs">Non Root/Admin pairs</a>
<BR>
<a href ="last-30-days-top-20-non-root-pairs">Top 20 Non Root/Admin pairs</a>
<BR>
<BR>
<a href="last-30-days-ip-addresses">IP Addresses</a>
<BR>
<a href="last-30-days-top-20-ip-addresses">Top 20 IP Addresses</a>
<BR>
<a href="last-30-days-attacks-by-country">Attacks By Country, By IP Address </a>
<BR>
<BR>
<a href="last-30-days-raw-data.gz">Last 30 Days Raw Data</a>
<BR>
<H3>
Historical Data
</H3>
<a href ="historical-root-passwords">Historical Root Passwords</a>
<BR>
<a href ="historical-top-20-root-passwords">Historical Top 20 Root Passwords</a>
<BR>
<a href ="trends-in-root-passwords">Trends in Top 20 Root Passwords</a>
<BR>
<a href ="trends-in-accounts">Trends in Top 20 Accounts</a>
<BR>
<BR>
<a href ="historical-admin-passwords">Historical Admin Passwords</a>
<BR>
<a href ="historical-top-20-admin-passwords">Historical Top 20 Admin Passwords</a>
<BR>
<a href ="trends-in-admin-passwords">Trends in Top 20 Admin Passwords</a>
<BR>
<BR>
<a href ="historical-non-root-passwords">Historical Non Root/Admin Passwords</a>
<BR>
<a href ="historical-top-20-non-root-passwords">Historical Top 20 Non Root/Admin Passwords</a>
<BR>
<a href ="trends-in-non-root-passwords">Trends in Top Non 20 Root/Admin Passwords</a>
<BR>
<BR>
<a href ="historical-non-root-accounts">Historical Accounts Tried</a>
<BR>
<a href ="historical-top-20-non-root-accounts">Historical Top 20 Accounts Tried</a>
<BR>
<a href ="trends-in-accounts">Trends in Top 20 Accounts</a>
<BR>
<BR>
<a href ="historical-non-root-pairs">Historical Non Root/Admin pairs</a>
<BR>
<a href ="historical-top-20-non-root-pairs">Historical Top 20 Non Root/Admin pairs</a>
<BR>
<BR>
<a href="historical-ip-addresses">Historical IP Addresses</a>
<BR>
<a href="historical-top-20-ip-addresses">Historical Top 20 IP Addresses</a>
<BR>
<a href="historical-attacks-by-country">Historical Attacks By Country, By IP Address </a>
<BR>
<a href="historical-ssh-attacks-by-time-of-day">Historical Attacks By Time of Day </a>
<BR>
<BR>
<a href="historical-raw-data.gz">Historical Raw Data</a>
<BR>
<BR>
<a href="historical/">Long Term Historical Reports</A>
<HR>
<BR>
<H2>HTTP Attacks and Probes</H2>
<H3>Access Logs</H3>
<a href="current-access-log">Todays Apache access log</a>
<BR>
<a href="historical-access-log">Historical Apache Access Log</a>
<BR>
<BR>
<H3>Today's Activity</H3>
<P>Shellshock:What webpages are they looking for?
<BR>
<a href="current-shellshock-webpages">Shellshock Webpages<a/>
<BR>
<a href="current-top-20-shellshock-webpages">Top 20 Shellshock Webpages</a>
<BR>
<BR>
<P>What are the actual attacks they are trying to run?
<BR>
<a href="current-attacks">Attacks</a>
<BR>
<a href="current-top-20-attacks">Top 20 Attacks</a>
<BR>
<BR>
<P>Where are they getting their payloads from or trying to connect to with bash?
<BR>
<a href="current-payloads">Payloads</A>
<BR>
<a href="current-top-20-payloads">Top 20 Payloads</a>
<BR>
<P>What are they trying to rm?
<BR>
<a href="current-rm-attempts">`rm` attempts</a>
<BR>
<a href="current-top-20-rm-attempts">Top 20 `rm` attempts</a>
<BR>
<BR>
<P>Shellshock attacks not explitly using perl
<BR>
<a href="current-shellshock-not-using-perl">Shellshock Attacks not explicitly using perl</A>
<BR>
<a href="current-top-20-shellshock-not-using-perl">Top 20 Shellshock Attacks not explicitly using perl</A>
<BR>
<BR>
<P>Shellshock logs
<BR>
<a href="current-access-log-shell-shock">Todays Apache Shell Shock log</a>
<BR>
<a href="current-country-access-log-shell-shock">Todays Apache Shell Shock Country log</a>
<BR>
<a href="current-ip-access-log-shell-shock">Todays Apache Shell Shock IP log</a>
<BR>
<BR>
<P> 404 Probes
<BR>
<a href="current-access-log-404">Today's 404 Probes Log</a>
<BR>
<BR>
<a href="current-open-proxy-log-404">Today's Open Proxy Log</a>
<BR>
<a href="current-ip-open-proxy-404">Today's IP Open Proxy Log</a>
<BR>
<a href="current-country-open-proxy-log-404">Today's Country Open Proxy Log</a>
<BR>
<BR>
<a href="current-ip-access-log-404">Today's 404 Probes IP Log</a>
<BR>
<a href="current-top-20-ip-access-log-404">Today's Top 20 404 Probes IP Log</a>
<BR>
<a href="current-country-access-log-404">Today's 404 Probes Country Log</a>
<BR>
<BR>
<H3>
Historical
</H3>
<P>Shellshock: What webpages are they looking for?
<BR>
<a href="historical-shellshock-webpages">Historical Shellshock Webpages<a/>
<BR>
<a href="historical-top-20-shellshock-webpages">Historical Top 20 Shellshock Webpages</a>
<BR>
<BR>
<P>What are the actual attacks they are trying to run?
<BR>
<a href="historical-attacks">Historical Attacks</a>
<BR>
<a href="historical-top-20-attacks">Historical Top 20 Attacks</a>
<BR>
<BR>
<P>Where are they getting their payloads from or trying to connect to with bash?
<BR>
<a href="historical-payloads">Historical Payloads</A>
<BR>
<a href="historical-top-20-payloads">Historical Top 20 Payloads</a>
<BR>
<BR>
<P>What are they trying to rm?
<BR>
<a href="historical-rm-attempts">Historical `rm` attempts</a>
<BR>
<a href="historical-top-20-rm-attempts">Top 20 Historical `rm` attempts</a>
<BR>
<BR>
<P>Shellshock attacks not explitly using perl
<BR>
<a href="historical-shellshock-not-using-perl">Historical Shellshock Attacks not explicitly using perl</A>
<BR>
<a href="historical-top-20-shellshock-not-using-perl">Top 20 Historical Shellshock Attacks not explicitly using perl</A>
<BR>
<BR>
<P>Shellshock logs
<BR>
<a href="historical-access-log-shell-shock">Historical Apache Shell Shock log</a>
<BR>
<a href="historical-country-access-log-shell-shock">Historical Apache Shell Shock Country log</a>
<BR>
<a href="historical-ip-access-log-shell-shock">Historical Apache Shell Shock IP log</a>
<BR>
<a href="historical-shellshock-by-time-of-day">Historical Apache Shell Shock by Time of Day</a>
<BR>
<BR>
<P> 404 Probes
<BR>
<a href="historical-access-log-404">Historical 404 Probes Log</a>
<BR>
<BR>
<a href="historical-open-proxy-log-404">Historical Open Proxy Log</a>
<BR>
<a href="historical-ip-open-proxy-404">Historical IP Open Proxy Log</a>
<BR>
<a href="historical-country-open-proxy-log-404">Historical Country Open Proxy Log</a>
<BR>
<BR>
<a href="historical-ip-access-log-404">Historical 404 Probes IP Log</a>
<BR>
<a href="historical-top-20-ip-access-log-404">Historical Top 20 404 Probes IP Log</a>
<BR>
<a href="historical-country-access-log-404">Historical 404 Probes Country Log</a>
<BR>
<BR>
<HR>
<a href="historical/">Long term historical data</A>
<HR>
<P>Get the source code at <a href="https://github.com/wedaa/LongTail-Log-Analysis">https://github.com/wedaa/LongTail-Log-Analysis</a>
<P>Read my blog at <a href="https://ewedaa.wordpress.com/">https://ewedaa.wordpress.com/</a>
<P>LongTail Copyright 2015 by Eric Wedaa, under GPLV2
</BODY>
